文档章节

ssh-keygen生成的id_rsa文件的格式

simpower
 simpower
发布于 2019/11/25 13:39
字数 4458
阅读 78
收藏 0

3 月,跳不动了?>>>

背景

在Linux上我们来生成一对RSA的公钥和私钥的时候,我们通常使用下面的命令:

gemfield@gemfeld:~$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/gemfield/.ssh/id_rsa): 
Created directory '/home/gemfield/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/gemfield/.ssh/id_rsa.
Your public key has been saved in /home/gemfield/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/R8cHaF/fFHccc3GaPCTqHKpQxTO8mQLtx2wE+U4L3s gemfield@gemfeld.org
The key's randomart image is:
+---[RSA 2048]----+
|        +.. .. B*|
|       o B   o+.@|
|      o % o .o++ |
|       O O +  .+o|
|        S B   ..=|
|       . * . . .o|
|        + E . o  |
|         o   . . |
|              .  |
+----[SHA256]-----+

注意输出的内容中有这2句:

Your identification has been saved in /home/gemfield/.ssh/id_rsa.
Your public key has been saved in /home/gemfield/.ssh/id_rsa.pub

gemfield@gemfeld:~$ ls -l .ssh
total 8
-rw------- 1 gemfield gemfield 1679 Feb 23 07:34 id_rsa
-rw-r--r-- 1 gemfield gemfield  402 Feb 23 07:34 id_rsa.pub

其中,/home/gemfield/.ssh/id_rsa.pub就是公钥文件。而/home/gemfield/.ssh/id_rsa文件中则包含了私钥信息。你可以从上面的命令行输出中看到这两个文件的权限都不一样。

公钥(id_rsa.pub)

1,首先来看下公钥文件的内容:

gemfield@gemfeld:~$ cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCd0w3NBkf7qoRIDoIEQslm2Ep3/kp/+U4HDgueJV8LmYSXFvk1VyLmnP8xDStoka8DNOAVFRv+1pR8sJxXlpVH+Ufy8unUBuIgZjjjd/Pt8ZRhXgAh6F0khyQLPt+rP4Wh+U/Z/ETdFsC5WSxuVND+DyZ0/Ez0b+bXolT3TMPWK8VghSoMd4vq5rC+urTLRgv5ULk9lbpmbdIGL8kKpxh0eME7EnEHpp4rkPoLjQ1ftGWJQvoDhal2dlruMsLdLq8WA4wZP6cinx8AKHFxIeBhtlAijvhBxrpr3PitNcV4FKmZcIPD6V8qrS4gguLR/a19wqulRirGlQEmFv3V2uE/ gemfield@gemfeld.org
gemfield@gemfeld:~$

2,公钥文件的内容由3个字段组成(使用空格分隔),其中第二个字段是公钥本身。

gemfield@gemfeld:~$ awk '{print $2}' ~/.ssh/id_rsa.pub
AAAAB3NzaC1yc2EAAAADAQABAAABAQCd0w3NBkf7qoRIDoIEQslm2Ep3/kp/+U4HDgueJV8LmYSXFvk1VyLmnP8xDStoka8DNOAVFRv+1pR8sJxXlpVH+Ufy8unUBuIgZjjjd/Pt8ZRhXgAh6F0khyQLPt+rP4Wh+U/Z/ETdFsC5WSxuVND+DyZ0/Ez0b+bXolT3TMPWK8VghSoMd4vq5rC+urTLRgv5ULk9lbpmbdIGL8kKpxh0eME7EnEHpp4rkPoLjQ1ftGWJQvoDhal2dlruMsLdLq8WA4wZP6cinx8AKHFxIeBhtlAijvhBxrpr3PitNcV4FKmZcIPD6V8qrS4gguLR/a19wqulRirGlQEmFv3V2uE/
gemfield@gemfeld:~$

3,id_rsa.pub文件里的公钥已经被base64编码了,gemfield先使用base64命令进行decode

gemfield@gemfeld:~$ awk '{print $2}' ~/.ssh/id_rsa.pub | base64 -d | hexdump -C
00000000  00 00 00 07 73 73 68 2d  72 73 61 00 00 00 03 01  |....ssh-rsa.....|
00000010  00 01 00 00 01 01 00 9d  d3 0d cd 06 47 fb aa 84  |............G...|
00000020  48 0e 82 04 42 c9 66 d8  4a 77 fe 4a 7f f9 4e 07  |H...B.f.Jw.J..N.|
00000030  0e 0b 9e 25 5f 0b 99 84  97 16 f9 35 57 22 e6 9c  |...%_......5W"..|
00000040  ff 31 0d 2b 68 91 af 03  34 e0 15 15 1b fe d6 94  |.1.+h...4.......|
00000050  7c b0 9c 57 96 95 47 f9  47 f2 f2 e9 d4 06 e2 20  ||..W..G.G...... |
00000060  66 38 e3 77 f3 ed f1 94  61 5e 00 21 e8 5d 24 87  |f8.w....a^.!.]$.|
00000070  24 0b 3e df ab 3f 85 a1  f9 4f d9 fc 44 dd 16 c0  |$.>..?...O..D...|
00000080  b9 59 2c 6e 54 d0 fe 0f  26 74 fc 4c f4 6f e6 d7  |.Y,nT...&t.L.o..|
00000090  a2 54 f7 4c c3 d6 2b c5  60 85 2a 0c 77 8b ea e6  |.T.L..+.`.*.w...|
000000a0  b0 be ba b4 cb 46 0b f9  50 b9 3d 95 ba 66 6d d2  |.....F..P.=..fm.|
000000b0  06 2f c9 0a a7 18 74 78  c1 3b 12 71 07 a6 9e 2b  |./....tx.;.q...+|
000000c0  90 fa 0b 8d 0d 5f b4 65  89 42 fa 03 85 a9 76 76  |....._.e.B....vv|
000000d0  5a ee 32 c2 dd 2e af 16  03 8c 19 3f a7 22 9f 1f  |Z.2........?."..|
000000e0  00 28 71 71 21 e0 61 b6  50 22 8e f8 41 c6 ba 6b  |.(qq!.a.P"..A..k|
000000f0  dc f8 ad 35 c5 78 14 a9  99 70 83 c3 e9 5f 2a ad  |...5.x...p..._*.|
00000100  2e 20 82 e2 d1 fd ad 7d  c2 ab a5 46 2a c6 95 01  |. .....}...F*...|
00000110  26 16 fd d5 da e1 3f                              |&.....?|
00000117

好了,现在就直观多了。

a, 前4个字节 (00 00 00 07) 说明了接下来的数据块是7个字节长,接下来的7个字节的内容就是73 73 68 2d 72 73 61, 正是字符串 "ssh-rsa" 的ASCII编码;

b, 再接下来4个字节(00 00 00 03)说明了接下来的数据块是3个字节长,接下来的4个字节的内容就是01 00 01,换算成十进制是65537,这个数字正是exponent e(参考从简单数字到现代密码学),一般来说,e都会选择65537;

gemfield@gemfeld:~$ echo "$((16#010001))"
65537

c, 再接下来4个字节(00 00 01 01)说明了接下来的数据快是257个字节长,这257个字节的内容是:009dd30dcd0647fbaa84480e820442c966d84a77fe4a7ff94e070e0b9e255f0b99849716f9355722e69cff310d2b6891af0334e015151bfed6947cb09c57969547f947f2f2e9d406e2206638e377f3edf194615e0021e85d2487240b3edfab3f85a1f94fd9fc44dd16c0b9592c6e54d0fe0f2674fc4cf46fe6d7a254f74cc3d62bc560852a0c778beae6b0bebab4cb460bf950b93d95ba666dd2062fc90aa7187478c13b127107a69e2b90fa0b8d0d5fb4658942fa0385a976765aee32c2dd2eaf16038c193fa7229f1f0028717121e061b650228ef841c6ba6bdcf8ad35c57814a9997083c3e95f2aad2e2082e2d1fdad7dc2aba5462ac695012616fdd5dae13f

gemfield@gemfeld:~$ N=$(awk '{print $2}' ~/.ssh/id_rsa.pub | base64 -d | hexdump -ve '1/1 "%.2x"')
gemfield@gemfeld:~$ echo ${N: -257*2}
009dd30dcd0647fbaa84480e820442c966d84a77fe4a7ff94e070e0b9e255f0b99849716f9355722e69cff310d2b6891af0334e015151bfed6947cb09c57969547f947f2f2e9d406e2206638e377f3edf194615e0021e85d2487240b3edfab3f85a1f94fd9fc44dd16c0b9592c6e54d0fe0f2674fc4cf46fe6d7a254f74cc3d62bc560852a0c778beae6b0bebab4cb460bf950b93d95ba666dd2062fc90aa7187478c13b127107a69e2b90fa0b8d0d5fb4658942fa0385a976765aee32c2dd2eaf16038c193fa7229f1f0028717121e061b650228ef841c6ba6bdcf8ad35c57814a9997083c3e95f2aad2e2082e2d1fdad7dc2aba5462ac695012616fdd5dae13f

这个大数字正是modulus N(参考从简单数字到现代密码学)。因为它是个有符号的数据,所以开头的00表示它是正整数,余下的256个字节说明了这个modulus N的长度有2048位,来自两个大质数p和q的乘积。这个时候,gemfield不禁回想起在本文背景中Linux console上ssh-keygen命令的输出有[RSA 2048]的字样,原来如此。

私钥(id_rsa)

私钥文件的内容就不能给人看了,不过gemfield这个是实验环境,就无所谓了。

id_rsa文件是base64编码的DER-encoded(Distinguished Encoding Rules,使用了 tag-length-value notation,妈呀,开发实现ss7协议的时候天天和这个玩意打交道)字符串,使用了ASN.1语法:

Version ::= INTEGER { two-prime(0), multi(1) }
      (CONSTRAINED BY
      {-- version must be multi if otherPrimeInfos present --})

  RSAPrivateKey ::= SEQUENCE {
      version           Version,
      modulus           INTEGER,  -- n
      publicExponent    INTEGER,  -- e
      privateExponent   INTEGER,  -- d
      prime1            INTEGER,  -- p
      prime2            INTEGER,  -- q
      exponent1         INTEGER,  -- d mod (p-1)
      exponent2         INTEGER,  -- d mod (q-1)
      coefficient       INTEGER,  -- (inverse of q) mod p
      otherPrimeInfos   OtherPrimeInfos OPTIONAL
  }

1,首先来看看私钥文件的内容:

gemfield@gemfeld:~$ cat ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAndMNzQZH+6qESA6CBELJZthKd/5Kf/lOBw4LniVfC5mElxb5
NVci5pz/MQ0raJGvAzTgFRUb/taUfLCcV5aVR/lH8vLp1AbiIGY443fz7fGUYV4A
IehdJIckCz7fqz+FoflP2fxE3RbAuVksblTQ/g8mdPxM9G/m16JU90zD1ivFYIUq
DHeL6uawvrq0y0YL+VC5PZW6Zm3SBi/JCqcYdHjBOxJxB6aeK5D6C40NX7RliUL6
A4WpdnZa7jLC3S6vFgOMGT+nIp8fAChxcSHgYbZQIo74Qca6a9z4rTXFeBSpmXCD
w+lfKq0uIILi0f2tfcKrpUYqxpUBJhb91drhPwIDAQABAoIBAD+nvXxBGU1vNBVg
DJ6tVVAu0rJdFS1Sn18HEjaB+jjSfYD3GiKid4guMFtXZXeysrUHYY3/SqBZaeB0
10oYiTNTXuqlgRwsfo30zOMqIW+KLX+sCz+h2dd+zlHe1RXb9AklZkiUkC3gHHFl
fx8tBHJEKA2tKVi5vZChf8WS57X8pWT+GAGjJ/Ei3PjrO5OJ8OKemhY1/91S9mMW
d45dG+/LLRgF7EuTImbhmiQi0nr2S4Xy1WiazweM0EEn9E/XVoSysUDVV2G5aHHA
E5oHtj/0ZPE7/zTYNKHi2+w1vHMJUfGkOHdw54WKoVKSIBanD6/wHmYK38tVyNkr
h79ybjECgYEAyZtjTYzn5yp+ACTrX0z905hqqrNCltlXiqmsFPBfNWmpq91GpkgF
QEyvF9Q0MFA/vflNfZwKrB25INcu/y7+J5BAN6QLAIpMmfGNpnDI071G7aoNDU4I
uSm34AhcM8ba/i+noz30xBbu5zxhSjSmKl6SYR9ZF+FKeu5L+GqE3AcCgYEAyGew
H06cu1zolkyA2ktapXuV3nTwk0XHb+RdjuySTW5vnvAdZMCfrAv0pxe3eonRATP8
7h6g96/sgCkB1SJwvI51PcfNVxncA54ITlY199UxMIAcVrKgexfTtN6r/FqYraQf
7G3ikC/gVwO1kJaILONHqseJ0y1K3wTWWm7ocwkCgYEAnEzc8w2v6Lc30nLNDCiL
jRVYdRjfIkZEKVub7uvgVG+jvHujv1yMvan2ATpib6Z3lJgILL7iQ0gT89MAO5S6
NAAQ2VJTuUp/UsZD9GryN75BlBZHYi5CcxNV29l/aiDcPT7C77sj3TaOZzWXk8k3
nheN0sBT+UCP1riSq3ghotcCgYEAxCbI+julqLXtaX8D96Yd2S83p39qIZwA8wHg
mQ3wvR1E35pCCuWG44zoL8xE6AmQqs7J1//eqdBleaOpiYWmNshw9MFluMU01c2O
b65uMF9ZQBGEq083SIQv0S7Jw7yhCARGwtFjGqHhwQl+Y0ETlGv5L60St8HzMIq5
i9ZWapECgYEAt4jizTpFET+ouSwq3iz5JG+GlB8vFrxKow9s3/fRQLUg7urptB7t
RwxwXd7fBMdyc8h+OCftiPOHpuA0SY0rVuqv5y2MFXxYcQIeRQzZ69psGbi69/Vw
6K+1DRknHOSqo8rjTUQb2Nxd38H75IkD6a6+ezvEP1740+iE5V5AzKM=
-----END RSA PRIVATE KEY-----

呃,我们把中间那部分base64编码的私钥信息decode出来,看看里面都包含了什么。

2,解码私钥:

gemfield@gemfeld:~$ cat ~/.ssh/id_rsa | grep -v -- '--'|  base64 -d | hexdump -C
00000000  30 82 04 a5 02 01 00 02  82 01 01 00 9d d3 0d cd  |0...............|
00000010  06 47 fb aa 84 48 0e 82  04 42 c9 66 d8 4a 77 fe  |.G...H...B.f.Jw.|
00000020  4a 7f f9 4e 07 0e 0b 9e  25 5f 0b 99 84 97 16 f9  |J..N....%_......|
00000030  35 57 22 e6 9c ff 31 0d  2b 68 91 af 03 34 e0 15  |5W"...1.+h...4..|
00000040  15 1b fe d6 94 7c b0 9c  57 96 95 47 f9 47 f2 f2  |.....|..W..G.G..|
00000050  e9 d4 06 e2 20 66 38 e3  77 f3 ed f1 94 61 5e 00  |.... f8.w....a^.|
00000060  21 e8 5d 24 87 24 0b 3e  df ab 3f 85 a1 f9 4f d9  |!.]$.$.>..?...O.|
00000070  fc 44 dd 16 c0 b9 59 2c  6e 54 d0 fe 0f 26 74 fc  |.D....Y,nT...&t.|
00000080  4c f4 6f e6 d7 a2 54 f7  4c c3 d6 2b c5 60 85 2a  |L.o...T.L..+.`.*|
00000090  0c 77 8b ea e6 b0 be ba  b4 cb 46 0b f9 50 b9 3d  |.w........F..P.=|
000000a0  95 ba 66 6d d2 06 2f c9  0a a7 18 74 78 c1 3b 12  |..fm../....tx.;.|
000000b0  71 07 a6 9e 2b 90 fa 0b  8d 0d 5f b4 65 89 42 fa  |q...+....._.e.B.|
000000c0  03 85 a9 76 76 5a ee 32  c2 dd 2e af 16 03 8c 19  |...vvZ.2........|
000000d0  3f a7 22 9f 1f 00 28 71  71 21 e0 61 b6 50 22 8e  |?."...(qq!.a.P".|
000000e0  f8 41 c6 ba 6b dc f8 ad  35 c5 78 14 a9 99 70 83  |.A..k...5.x...p.|
000000f0  c3 e9 5f 2a ad 2e 20 82  e2 d1 fd ad 7d c2 ab a5  |.._*.. .....}...|
00000100  46 2a c6 95 01 26 16 fd  d5 da e1 3f 02 03 01 00  |F*...&.....?....|
00000110  01 02 82 01 00 3f a7 bd  7c 41 19 4d 6f 34 15 60  |.....?..|A.Mo4.`|
00000120  0c 9e ad 55 50 2e d2 b2  5d 15 2d 52 9f 5f 07 12  |...UP...].-R._..|
00000130  36 81 fa 38 d2 7d 80 f7  1a 22 a2 77 88 2e 30 5b  |6..8.}...".w..0[|
00000140  57 65 77 b2 b2 b5 07 61  8d ff 4a a0 59 69 e0 74  |Wew....a..J.Yi.t|
00000150  d7 4a 18 89 33 53 5e ea  a5 81 1c 2c 7e 8d f4 cc  |.J..3S^....,~...|
00000160  e3 2a 21 6f 8a 2d 7f ac  0b 3f a1 d9 d7 7e ce 51  |.*!o.-...?...~.Q|
00000170  de d5 15 db f4 09 25 66  48 94 90 2d e0 1c 71 65  |......%fH..-..qe|
00000180  7f 1f 2d 04 72 44 28 0d  ad 29 58 b9 bd 90 a1 7f  |..-.rD(..)X.....|
00000190  c5 92 e7 b5 fc a5 64 fe  18 01 a3 27 f1 22 dc f8  |......d....'."..|
000001a0  eb 3b 93 89 f0 e2 9e 9a  16 35 ff dd 52 f6 63 16  |.;.......5..R.c.|
000001b0  77 8e 5d 1b ef cb 2d 18  05 ec 4b 93 22 66 e1 9a  |w.]...-...K."f..|
000001c0  24 22 d2 7a f6 4b 85 f2  d5 68 9a cf 07 8c d0 41  |$".z.K...h.....A|
000001d0  27 f4 4f d7 56 84 b2 b1  40 d5 57 61 b9 68 71 c0  |'.O.V...@.Wa.hq.|
000001e0  13 9a 07 b6 3f f4 64 f1  3b ff 34 d8 34 a1 e2 db  |....?.d.;.4.4...|
000001f0  ec 35 bc 73 09 51 f1 a4  38 77 70 e7 85 8a a1 52  |.5.s.Q..8wp....R|
00000200  92 20 16 a7 0f af f0 1e  66 0a df cb 55 c8 d9 2b  |. ......f...U..+|
00000210  87 bf 72 6e 31 02 81 81  00 c9 9b 63 4d 8c e7 e7  |..rn1......cM...|
00000220  2a 7e 00 24 eb 5f 4c fd  d3 98 6a aa b3 42 96 d9  |*~.$._L...j..B..|
00000230  57 8a a9 ac 14 f0 5f 35  69 a9 ab dd 46 a6 48 05  |W....._5i...F.H.|
00000240  40 4c af 17 d4 34 30 50  3f bd f9 4d 7d 9c 0a ac  |@L...40P?..M}...|
00000250  1d b9 20 d7 2e ff 2e fe  27 90 40 37 a4 0b 00 8a  |.. .....'.@7....|
00000260  4c 99 f1 8d a6 70 c8 d3  bd 46 ed aa 0d 0d 4e 08  |L....p...F....N.|
00000270  b9 29 b7 e0 08 5c 33 c6  da fe 2f a7 a3 3d f4 c4  |.)...\3.../..=..|
00000280  16 ee e7 3c 61 4a 34 a6  2a 5e 92 61 1f 59 17 e1  |...<aJ4.*^.a.Y..|
00000290  4a 7a ee 4b f8 6a 84 dc  07 02 81 81 00 c8 67 b0  |Jz.K.j........g.|
000002a0  1f 4e 9c bb 5c e8 96 4c  80 da 4b 5a a5 7b 95 de  |.N..\..L..KZ.{..|
000002b0  74 f0 93 45 c7 6f e4 5d  8e ec 92 4d 6e 6f 9e f0  |t..E.o.]...Mno..|
000002c0  1d 64 c0 9f ac 0b f4 a7  17 b7 7a 89 d1 01 33 fc  |.d........z...3.|
000002d0  ee 1e a0 f7 af ec 80 29  01 d5 22 70 bc 8e 75 3d  |.......).."p..u=|
000002e0  c7 cd 57 19 dc 03 9e 08  4e 56 35 f7 d5 31 30 80  |..W.....NV5..10.|
000002f0  1c 56 b2 a0 7b 17 d3 b4  de ab fc 5a 98 ad a4 1f  |.V..{......Z....|
00000300  ec 6d e2 90 2f e0 57 03  b5 90 96 88 2c e3 47 aa  |.m../.W.....,.G.|
00000310  c7 89 d3 2d 4a df 04 d6  5a 6e e8 73 09 02 81 81  |...-J...Zn.s....|
00000320  00 9c 4c dc f3 0d af e8  b7 37 d2 72 cd 0c 28 8b  |..L......7.r..(.|
00000330  8d 15 58 75 18 df 22 46  44 29 5b 9b ee eb e0 54  |..Xu.."FD)[....T|
00000340  6f a3 bc 7b a3 bf 5c 8c  bd a9 f6 01 3a 62 6f a6  |o..{..\.....:bo.|
00000350  77 94 98 08 2c be e2 43  48 13 f3 d3 00 3b 94 ba  |w...,..CH....;..|
00000360  34 00 10 d9 52 53 b9 4a  7f 52 c6 43 f4 6a f2 37  |4...RS.J.R.C.j.7|
00000370  be 41 94 16 47 62 2e 42  73 13 55 db d9 7f 6a 20  |.A..Gb.Bs.U...j |
00000380  dc 3d 3e c2 ef bb 23 dd  36 8e 67 35 97 93 c9 37  |.=>...#.6.g5...7|
00000390  9e 17 8d d2 c0 53 f9 40  8f d6 b8 92 ab 78 21 a2  |.....S.@.....x!.|
000003a0  d7 02 81 81 00 c4 26 c8  fa 3b a5 a8 b5 ed 69 7f  |......&..;....i.|
000003b0  03 f7 a6 1d d9 2f 37 a7  7f 6a 21 9c 00 f3 01 e0  |...../7..j!.....|
000003c0  99 0d f0 bd 1d 44 df 9a  42 0a e5 86 e3 8c e8 2f  |.....D..B....../|
000003d0  cc 44 e8 09 90 aa ce c9  d7 ff de a9 d0 65 79 a3  |.D...........ey.|
000003e0  a9 89 85 a6 36 c8 70 f4  c1 65 b8 c5 34 d5 cd 8e  |....6.p..e..4...|
000003f0  6f ae 6e 30 5f 59 40 11  84 ab 4f 37 48 84 2f d1  |o.n0_Y@...O7H./.|
00000400  2e c9 c3 bc a1 08 04 46  c2 d1 63 1a a1 e1 c1 09  |.......F..c.....|
00000410  7e 63 41 13 94 6b f9 2f  ad 12 b7 c1 f3 30 8a b9  |~cA..k./.....0..|
00000420  8b d6 56 6a 91 02 81 81  00 b7 88 e2 cd 3a 45 11  |..Vj.........:E.|
00000430  3f a8 b9 2c 2a de 2c f9  24 6f 86 94 1f 2f 16 bc  |?..,*.,.$o.../..|
00000440  4a a3 0f 6c df f7 d1 40  b5 20 ee ea e9 b4 1e ed  |J..l...@. ......|
00000450  47 0c 70 5d de df 04 c7  72 73 c8 7e 38 27 ed 88  |G.p]....rs.~8'..|
00000460  f3 87 a6 e0 34 49 8d 2b  56 ea af e7 2d 8c 15 7c  |....4I.+V...-..||
00000470  58 71 02 1e 45 0c d9 eb  da 6c 19 b8 ba f7 f5 70  |Xq..E....l.....p|
00000480  e8 af b5 0d 19 27 1c e4  aa a3 ca e3 4d 44 1b d8  |.....'......MD..|
00000490  dc 5d df c1 fb e4 89 03  e9 ae be 7b 3b c4 3f 5e  |.].........{;.?^|
000004a0  f8 d3 e8 84 e5 5e 40 cc  a3                       |.....^@..|
000004a9

好了,这下又直观多了:

a,第一个字节为30,这是一个SEQUENCE tag,是ASN.1 中sequence tag的值;

b,接下来是82,指明后面2个字节的长度信息是long form;

c,接下来2个字节04a5指明了整个sequence的长度,为1189个字节;也就是说04a5后面还有1189个字节的信息:

gemfield@gemfeld:~$ cat ~/.ssh/id_rsa | grep -v -- '--'|  base64 -d | hexdump -ve '1/1 "%.2x"' | wc -c
2386
gemfield@gemfeld:~$ echo $((2386/2))
1193

可以看到私钥信息一共是1193个字节,除去已经说过的4个字节,后面正好就是1189个字节;

d,接下来一组02 01 00,02是ASN.1 中int tag,01是长度,所以后面的1个字节00就是值,该值为0指明了RSA的版本号,意味着该版本中 RSA的私钥使用了2个质数;

e,接下来02,同理,表示int tag;接下来82表明后面是long form,该格式一味着后面2个字节是长度信息,于是接下来有01 01,说明后面是257个字节的信息,这个正是我们的modulus N;

f,modules N之后,根据本节开始部分给出的格式,后面的内容依次是:

  • publicExponent e
  • privateExponent d
  • prime1 第一个大质数p
  • prime2 第二个大质数q
  • exponent1 d mod (p-1),加密解密无用
  • exponent2 d mod (q-1),加密解密无用
  • coefficient (inverse of q) mod p

其中,只有N、e、d会被直接用于加密解密,而后面的prime1、prime2、exponent1、exponent2、coefficient只是用来校验。事实上,我们可以使用openssl命令直接看这个文件的结构:

gemfield@gemfeld:~$ openssl rsa -text -noout < ~/.ssh/id_rsa
Private-Key: (2048 bit)
modulus:
    00:9d:d3:0d:cd:06:47:fb:aa:84:48:0e:82:04:42:
    c9:66:d8:4a:77:fe:4a:7f:f9:4e:07:0e:0b:9e:25:
    5f:0b:99:84:97:16:f9:35:57:22:e6:9c:ff:31:0d:
    2b:68:91:af:03:34:e0:15:15:1b:fe:d6:94:7c:b0:
    9c:57:96:95:47:f9:47:f2:f2:e9:d4:06:e2:20:66:
    38:e3:77:f3:ed:f1:94:61:5e:00:21:e8:5d:24:87:
    24:0b:3e:df:ab:3f:85:a1:f9:4f:d9:fc:44:dd:16:
    c0:b9:59:2c:6e:54:d0:fe:0f:26:74:fc:4c:f4:6f:
    e6:d7:a2:54:f7:4c:c3:d6:2b:c5:60:85:2a:0c:77:
    8b:ea:e6:b0:be:ba:b4:cb:46:0b:f9:50:b9:3d:95:
    ba:66:6d:d2:06:2f:c9:0a:a7:18:74:78:c1:3b:12:
    71:07:a6:9e:2b:90:fa:0b:8d:0d:5f:b4:65:89:42:
    fa:03:85:a9:76:76:5a:ee:32:c2:dd:2e:af:16:03:
    8c:19:3f:a7:22:9f:1f:00:28:71:71:21:e0:61:b6:
    50:22:8e:f8:41:c6:ba:6b:dc:f8:ad:35:c5:78:14:
    a9:99:70:83:c3:e9:5f:2a:ad:2e:20:82:e2:d1:fd:
    ad:7d:c2:ab:a5:46:2a:c6:95:01:26:16:fd:d5:da:
    e1:3f
publicExponent: 65537 (0x10001)
privateExponent:
    3f:a7:bd:7c:41:19:4d:6f:34:15:60:0c:9e:ad:55:
    50:2e:d2:b2:5d:15:2d:52:9f:5f:07:12:36:81:fa:
    38:d2:7d:80:f7:1a:22:a2:77:88:2e:30:5b:57:65:
    77:b2:b2:b5:07:61:8d:ff:4a:a0:59:69:e0:74:d7:
    4a:18:89:33:53:5e:ea:a5:81:1c:2c:7e:8d:f4:cc:
    e3:2a:21:6f:8a:2d:7f:ac:0b:3f:a1:d9:d7:7e:ce:
    51:de:d5:15:db:f4:09:25:66:48:94:90:2d:e0:1c:
    71:65:7f:1f:2d:04:72:44:28:0d:ad:29:58:b9:bd:
    90:a1:7f:c5:92:e7:b5:fc:a5:64:fe:18:01:a3:27:
    f1:22:dc:f8:eb:3b:93:89:f0:e2:9e:9a:16:35:ff:
    dd:52:f6:63:16:77:8e:5d:1b:ef:cb:2d:18:05:ec:
    4b:93:22:66:e1:9a:24:22:d2:7a:f6:4b:85:f2:d5:
    68:9a:cf:07:8c:d0:41:27:f4:4f:d7:56:84:b2:b1:
    40:d5:57:61:b9:68:71:c0:13:9a:07:b6:3f:f4:64:
    f1:3b:ff:34:d8:34:a1:e2:db:ec:35:bc:73:09:51:
    f1:a4:38:77:70:e7:85:8a:a1:52:92:20:16:a7:0f:
    af:f0:1e:66:0a:df:cb:55:c8:d9:2b:87:bf:72:6e:
    31
prime1:
    00:c9:9b:63:4d:8c:e7:e7:2a:7e:00:24:eb:5f:4c:
    fd:d3:98:6a:aa:b3:42:96:d9:57:8a:a9:ac:14:f0:
    5f:35:69:a9:ab:dd:46:a6:48:05:40:4c:af:17:d4:
    34:30:50:3f:bd:f9:4d:7d:9c:0a:ac:1d:b9:20:d7:
    2e:ff:2e:fe:27:90:40:37:a4:0b:00:8a:4c:99:f1:
    8d:a6:70:c8:d3:bd:46:ed:aa:0d:0d:4e:08:b9:29:
    b7:e0:08:5c:33:c6:da:fe:2f:a7:a3:3d:f4:c4:16:
    ee:e7:3c:61:4a:34:a6:2a:5e:92:61:1f:59:17:e1:
    4a:7a:ee:4b:f8:6a:84:dc:07
prime2:
    00:c8:67:b0:1f:4e:9c:bb:5c:e8:96:4c:80:da:4b:
    5a:a5:7b:95:de:74:f0:93:45:c7:6f:e4:5d:8e:ec:
    92:4d:6e:6f:9e:f0:1d:64:c0:9f:ac:0b:f4:a7:17:
    b7:7a:89:d1:01:33:fc:ee:1e:a0:f7:af:ec:80:29:
    01:d5:22:70:bc:8e:75:3d:c7:cd:57:19:dc:03:9e:
    08:4e:56:35:f7:d5:31:30:80:1c:56:b2:a0:7b:17:
    d3:b4:de:ab:fc:5a:98:ad:a4:1f:ec:6d:e2:90:2f:
    e0:57:03:b5:90:96:88:2c:e3:47:aa:c7:89:d3:2d:
    4a:df:04:d6:5a:6e:e8:73:09
exponent1:
    00:9c:4c:dc:f3:0d:af:e8:b7:37:d2:72:cd:0c:28:
    8b:8d:15:58:75:18:df:22:46:44:29:5b:9b:ee:eb:
    e0:54:6f:a3:bc:7b:a3:bf:5c:8c:bd:a9:f6:01:3a:
    62:6f:a6:77:94:98:08:2c:be:e2:43:48:13:f3:d3:
    00:3b:94:ba:34:00:10:d9:52:53:b9:4a:7f:52:c6:
    43:f4:6a:f2:37:be:41:94:16:47:62:2e:42:73:13:
    55:db:d9:7f:6a:20:dc:3d:3e:c2:ef:bb:23:dd:36:
    8e:67:35:97:93:c9:37:9e:17:8d:d2:c0:53:f9:40:
    8f:d6:b8:92:ab:78:21:a2:d7
exponent2:
    00:c4:26:c8:fa:3b:a5:a8:b5:ed:69:7f:03:f7:a6:
    1d:d9:2f:37:a7:7f:6a:21:9c:00:f3:01:e0:99:0d:
    f0:bd:1d:44:df:9a:42:0a:e5:86:e3:8c:e8:2f:cc:
    44:e8:09:90:aa:ce:c9:d7:ff:de:a9:d0:65:79:a3:
    a9:89:85:a6:36:c8:70:f4:c1:65:b8:c5:34:d5:cd:
    8e:6f:ae:6e:30:5f:59:40:11:84:ab:4f:37:48:84:
    2f:d1:2e:c9:c3:bc:a1:08:04:46:c2:d1:63:1a:a1:
    e1:c1:09:7e:63:41:13:94:6b:f9:2f:ad:12:b7:c1:
    f3:30:8a:b9:8b:d6:56:6a:91
coefficient:
    00:b7:88:e2:cd:3a:45:11:3f:a8:b9:2c:2a:de:2c:
    f9:24:6f:86:94:1f:2f:16:bc:4a:a3:0f:6c:df:f7:
    d1:40:b5:20:ee:ea:e9:b4:1e:ed:47:0c:70:5d:de:
    df:04:c7:72:73:c8:7e:38:27:ed:88:f3:87:a6:e0:
    34:49:8d:2b:56:ea:af:e7:2d:8c:15:7c:58:71:02:
    1e:45:0c:d9:eb:da:6c:19:b8:ba:f7:f5:70:e8:af:
    b5:0d:19:27:1c:e4:aa:a3:ca:e3:4d:44:1b:d8:dc:
    5d:df:c1:fb:e4:89:03:e9:ae:be:7b:3b:c4:3f:5e:
    f8:d3:e8:84:e5:5e:40:cc:a3

最后

这个星球上使用最多的加密算法,就是仰仗于大质数很难分解,真是神奇的数学!

本文转载自:https://zhuanlan.zhihu.com/p/33949377

simpower
粉丝 29
博文 708
码字总数 53502
作品 0
海淀
程序员
私信 提问
加载中

评论(0)

ssh 公钥格式

一、ssh 公钥格式 ssh 公钥主要有两种格式 PEM 公钥格式 PEM 公钥格式也被称为 SECSH 公钥格式 以 BEGIN 行开始,以 END 行结束 ssh 格式 一般分为三部分:密钥类型、base64编码后的密钥、注...

for_
2016/06/15
1.2K
0
使用ssh公钥实现免密码登录

ssh 无密码登录要使用公钥与私钥。linux下可以用用ssh-keygen生成公钥/私钥对,下面我以CentOS为例。 有机器A(192.168.1.155),B(192.168.1.181)。现想A通过ssh免密码登录到B。 首先以root账...

adbug
2016/01/28
270
0
Git与GitHub学习笔记(七)Windows 配置Github ssh key

前言   SSH是建立在应用层和传输层基础上的安全协议,其目的是专为远程登录会话和其他网络服务提供安全性的保障,用过SSH远程登录的人都比较熟悉,可以认为SSH是一种安全的Shell。SSH登录是...

tinywan1227
2017/12/06
0
0
【 Linux学习】SSH连接时出现Host key verification failed的原因及解决方法以及ssh-keygen命令的用法

版权声明:本文为【欧阳鹏】原创文章,欢迎转载,转载请注明出处! 【http://blog.csdn.net/ouyang_peng】 https://blog.csdn.net/qq446282412/article/details/83115290 一、问题描述 今天下...

欧阳鹏
2018/10/17
0
0
使用public/private key让putty(ssh)自动登录|上传下载

方法一:使用puttygen.exe   第一步:生成密匙   运行puttygen.exe,选择需要的密匙类型和长度,使用默认的SSH2(RSA),长度设置为1024就可以了。   passphrase可以为空,免得登录时还是...

银月光海
2015/04/21
237
0

没有更多内容

加载失败,请刷新页面

加载更多

XDR

XDR是一个库 XDR用于将任意类型的数据转化为平台无关的编码,然后传输,到了对应平台按照对应平台标准进行解析。 主要解决的是平台之间字节序的不同。主要是解决数据跨平台解析的问题。 XDR双...

鬼上身跳不过门槛
3分钟前
5
0
霍兰德职业兴趣测试与职业生涯规划

职业生涯规划这个词,相信小伙伴不会第一次听说,而且我肯定听的最多的地方,那就是大四的学堂里。名字听着很高大上,其实跟我们出游做计划差不多,只不过这个周期会很长。职业生涯规划里我们...

蛤蟆丸子
5分钟前
3
0
localStorage设置过期时间

场景# 浏览器端需要存储一个用户的标识和cookie一样需要过期时间,但是用的是localStorage存储。而localStorage一经存储除非手动删除是不会过期的。那就需要自己实现过期机制。网上找了几种简...

stys35
5分钟前
5
0
sessionStorage和LocalStorage区别?

两者都是浏览器提供技术,用于在浏览器端存放数据 –存数据:setItem(k,v) –取数据:getItem(k) –删数据:removeItem(k) 2. 区别: –sessionStorage会话级,浏览器打开到浏览器关闭。 –l...

安然_oschina
27分钟前
13
0
重磅消息:Google和网易集体震荡,联手让一部分游戏先出海!

4月9日参与《出海背后的技术密码》免费直播节目的伙伴,有机会获得由 Google&网易提供给大家的精美礼品。同时,今天文章后面留言点赞第一的伙伴,加文文酱(liwenzhaozhao)领取现金红包 哦!...

张晓衡
28分钟前
14
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部